How to setup Two Factor Authentication in pgAdmin 4

January 15, 2023

Two-Factor Authentication (2FA) works by adding an additional layer of security to your online accounts. It requires an additional login credential - something you have - to gain account access, in addition to your password (something you know).

This feature is only available in Server Mode.

pgAdmin 4 supports two types of 2FA:

  1. Email Authentication

  2. Authenticator App (e.g: Google Authenticator)

Configure Two Factor Authentication

Configuring Two-factor Authentication for pgAdmin 4 requires editing config_local.py or config_system.py on the system where pgAdmin is installed in Server mode.

Read more at https://www.pgadmin.org/docs/pgadmin4/latest/config_py.html

You can copy the settings from the config.py file and modify the values for the following parameters:

Note: You can also force users to configure the two-factor authentication methods on login by setting MFA_FORCE_REGISTRATION parameter to True.

Setup Two Factor Authentication from pgAdmin 4 GUI

To setup Two factor authentication from pgAdmin 4 for a user you must click on Two-factor Authentication in the User menu in the right-top corner. It will list down all the supported multi-factor authentication methods.

Click the Setup button next to Email Authentication. Please follow the instructions provided:

Note: You must set the Mail server settings in config_local.py or config_system.py in order to use email as a two-factor authentication method. Read more about Mail server settings at https://www.pgadmin.org/docs/pgadmin4/latest/config_py.html

Setup using Authenticator App (e.g: Google Authenticator)

Click the Setup button next to the Authenticator App. Scan the QR code and enter the code from the authenticator app.

You will see the Delete button for the authentication method if it has already been configured. Clicking on the Delete button will deregister the authentication method for the current user.

Verifying the Configuration

Verify the setup by logging out and logging back in from the pgAdmin once the setup is complete. To authenticate, you can either use the Authenticator app or email authentication. It's not compulsory to set up both authentications, you can either set up one or the other.


Conclusion

Add an additional level of security to your pgAdmin accounts with the Two Factor Authentication feature in pgAdmin 4.

Share this

More Blogs

Explaining ABI Breakage in PostgreSQL 17.1

PostgreSQL comes out with a scheduled major release every year and scheduled minor releases for all supported versions every quarter. But in the November minor releases, two issues caused the...
December 06, 2024

PGVector as Embedding Store in PrivateGPT

EDB has a long history of open source contributions, and while we’re best known for our contributions to Postgres, that’s not the only project we contribute to. e.g Barman, CloudNativePG...
June 05, 2024

pgAdmin User Management in Server Mode

pgAdmin can be deployed as a web application by configuring the app to run in server mode. One can check out server deployment on how to run pgAdmin in server...
August 24, 2023